Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Remediation

References

CVE-2008-1989

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-1686)

WordPress 5.1.x Prototype Pollution (5.1 - 5.1.12)

WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)

WordPress Plugin WP TFeed includes Backdoor [Only if downloaded via the vendor website] (1.6.7)

WordPress Plugin Count per Day 'userperspan.php' Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

Severity

Critical

Classification

CVE-2008-1989 CWE-94

Tags

Missing Update Known Vulnerabilities